Splunk

Turn Machine Data Into Answers. Splunk delivers real-time answers and business value from machine data so you can make better decisions.

Integration with LogicHub

Connecting with Splunk

To connect to Splunk, the following details are required:

  • URL: URL of the Splunk server (e.g., https://www.example.com)
  • User: User name to log in with.
  • Password: Password to log in with.

Actions with Splunk

Update Notables

Update the status, urgency, or comment of one or more notable events.

Inputs to this Action:

  • EventID: Event ID of notable
  • Comment: Comment to use in notable
  • Status: Status of notable
  • Urgency: Notable urgency (Unknown/Low/Medium/High/Critical)

Output of Action:
JSON object containing results of performing the action

Query

Runs a query on Splunk.

Inputs to this Action:

  • Query String: Search query string
  • Search Window Start (Optional): Start of the search window to fetch results for. Default: 'flow-start-time'.
  • Search Window End (Optional): End of the search window to fetch results for. Default: 'flow-end-time'.
  • Interval (Optional): Slice search into smaller intervals (in seconds)

Output of Action:
JSON object containing results of performing the action.

List Users

Lists Splunk users

Inputs to this Action:
No Required Input

Output of Action:
Multiple rows containing result JSON with Splunk user details.

Restart Splunk

Restarts the Splunk Web interface and/or the splunkd server daemon.

Inputs to this Action:

  • Restart splunkd server daemon (Optional): Select Yes/No to choose whether to restart the splunkd server daemon in addition to the Splunk Web interface.

Output of Action:
JSON object containing results of performing the action.

Reset User Password

Resets the given user's password.

Inputs to this Action:

  • Splunk user column: Select column containing user whose password is to be reset.
  • Old password column: Select column containing the existing password that is to be reset.
  • New password column (Optional): Select column containing a new password. If omitted, a random password will be generated and used.
  • Force Change Password (Optional): Select Yes/No. Forces the user to change the password on login with the reset password. Default: 'Yes'.

Output of Action:
JSON object containing results of performing the action

Configure Replication Factor

Configures the cluster replication factor and search factor. Requires a restart of the splunkd server daemon.

Inputs to this Action:

  • Replication Factor: Set Cluster Replication Factor.
  • Search Factor: Set Cluster Search Factor.
    Note: The Search Factor must not be greater than the Replication Factor.

Output of Action:
JSON object containing results of performing the action.

